Gizmos Freeware Reviews  

Old 01. Jun 2014, 06:23 PM   #1 (permalink)
Member
 
Join Date: Jan 2013
Posts: 13
Default

For you, Mr. J_L, and for other interested readers, as well, I decided to write a longer than usual answer:


I assume that you know which are the most common [Windows] file name extensions:

".exe" - for a program
".com" - for a MS-DOS program
".pif" - for a shortcut to a MS-DOS program
".bat" - for a Batch file
".scr" - for a Screen Saver file


The types of files that are considered the most dangerous are usually program files (.exe); then macros, and .com files.

When you receive files with the above mentioned file name extensions - from no matter what source! -, my advice is to save them in a separate folder, on your PC; and to scan them, as soon as possible, with up-to-date Antivirus software, before opening them. Especially if they arrive "packed" in archives; and your AV is not set to scan (deep) inside archives.


Microsoft ditto:

"Some viruses use files with two extensions - to make dangerous files look like safe files. For example, Document.txt.exe or Photos.jpg.exe. The extension farthest to the right [.exe] is the one that Windows will try to open. [What the user will usually see is only "Photos.jpg"!] It is extremely rare that a legitimate file would have two extensions, so avoid downloading or opening this type of file.

There are files that are safer to download, than program or macro files, such as text (.txt), or image (.jpg, .gif, .png) files. However, you should still be wary of unknown sources, as some of these files have been known to have specially crafted formats that can exploit vulnerabilities in computer systems."


Most people know that .exe files are potentially dangerous. But that is not the only file extension to beware of. There is a variety of other potentially dangerous file extensions - more than you might expect: 50+! Here you have an almost complete list of such files:

http://www.howtogeek.com/137270/50-f...us-on-windows/


Files meant to run on other Operating Systems - like the ones derived from UNIX (Linux, Solaris, the BSDs, Cygwin, AIX, ...), MacOS X, and also for BeOS and Amiga -, are usually "harmless". But, sometimes, in "intentionally prepared" archives with the extension ".tar", specific to Linux, archives recognized by, say, WinRAR, under Windows, their evil creators can hide dangerous files (for example, specially crafted ".pdf" files, able to exploit the vulnerabilities of Adobe Reader).


If, by accident, a weird file "lands" on your PC, or a file with an unknown extension, or with NO EXTENSION at all, and that file worries you, I would recommend that you use a "File Identifier" program, such as the one developed by Marco Pontello: "TrID".

According to its author...

"TrID is an utility designed to identify file types from their binary signatures. While there are similar utilities with hard coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way.

TrID has many uses: identify what kind of file was sent to you via e-mail, aid in forensic analysis, support in file recovery, etc.

TrID uses a database of definitions which describe recurring patterns for supported file types. As this is subject to very frequent update, it's made available as a separate package. Just download both TrID and this archive, and unpack in the same folder."

You can find out more about TrID, here: http://mark0.net/soft-trid-e.html

It is not the only utility of this kind. But it is the most well-known.


And yes, you are right: we can no longer rely on the manufacturers of Security Solutions. Their products have weaknesses. Their developers do not have enough time to test them thoroughly, as they should. And the Malware producers are always one step ahead of the producers of "countermeasures". Add to this the fact that the researchers who discover vulnerabilities in Windows sometimes prefer to sell them to the members of the Cybercrime cartels, for ten times more money than Microsoft would offer them for their findings.

That is why I proposed a "radical solution": the "ROM-ization" of Windows. Especially because the newest versions of this OS contain more than 50 MILLION Source Lines of Code. It is impossible, for a human being, to inspect, in detail, all that code.


The future versions of Windows will certainly contain vulnerabilities - including because they inherit code from the previous versions of Windows. If the OS is put in a ROM, then the "Malware", even if it is capable of exploiting, up to a certain point, those vulnerabilities, could be very easily removed. The simple command "Delete" will be enough. Because the Malware will no longer reside in protected system folders (like System32); and it will no longer reside in the Registry.


Another advantage of Windows-in-ROM: the "paging file", too, will no longer be necessary. Thus, the HDD / SSD will not be accessed, again and again, on the same track. And the "Malware" will not be able to save parts of itself on that track.

Last edited by Wolfram; 01. Jun 2014 at 06:34 PM. Reason: typing mistake
Wolfram is offline   Reply With Quote
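
The two checks described in the post above (spotting a double extension such as Photos.jpg.exe, and identifying a file from its leading bytes rather than its name), as an added example that is not part of the original post and is not TrID's code. The function names, the small fixed signature table and the sample inputs are assumptions made for illustration; TrID itself works from a trained definitions database.

```python
import os

# Extensions the post lists as the common Windows executable types.
RISKY_EXTS = {".exe", ".com", ".pif", ".bat", ".scr"}
# Extensions the quoted Microsoft text calls safer; here they act as decoys.
DECOY_EXTS = {".txt", ".jpg", ".gif", ".png"}

# Small fixed table of well-known magic numbers (assumption: enough for a demo).
MAGIC = [
    (b"MZ", "Windows executable"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP archive"),
]

def real_extension(name):
    """Split a name into (stem, extension) using the rightmost extension."""
    # Windows drops trailing dots and spaces, so strip them before splitting.
    return os.path.splitext(name.rstrip(". ").lower())

def double_extension(name):
    """Return (decoy, real) for names like Photos.jpg.exe, else None."""
    stem, real = real_extension(name)
    decoy = os.path.splitext(stem)[1]
    return (decoy, real) if real in RISKY_EXTS and decoy in DECOY_EXTS else None

def identify(head):
    """Map the first bytes of a file to a type label, or 'unknown'."""
    return next((label for magic, label in MAGIC if head.startswith(magic)), "unknown")

def triage(name, head):
    """Return (detected type, findings) for a file name and its first bytes."""
    kind, findings = identify(head), []
    ext = real_extension(name)[1]
    dbl = double_extension(name)
    if dbl:
        findings.append("double extension: looks like %s, runs as %s" % dbl)
    if kind == "Windows executable" and ext not in RISKY_EXTS:
        findings.append("executable content under extension %r" % ext)
    return kind, findings

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [("Photos.jpg.exe", b"MZ\x90\x00"), ("holiday.png", b"\x89PNG\r\n\x1a\n"),
           ("invoice.pdf", b"MZ\x90\x00"), ("notes", b"%PDF-1.4")]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, triage(name, head))
```
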
Old 08. Jun 2014, 11:46 PM   #2 (permalink)
Editor
 
Join Date: Jul 2010
Location: New Zealand
Posts: 1,385
Default

The title of this thread is rather misleading. Although the first post does start on the topic of the "Effectiveness of Antivirus Programs", it is only the lead-in to promote the idea of "Windows-in-ROM". That appears to be what was removed from the review comments and why it should have a more specific title here.
__________________
Better to light a candle ... than to curse the darkness.
Remah is online now   Reply With Quote
Old 11. Jun 2014, 12:25 PM   #3 (permalink)
Editor [Android]
 
Cthulhux's Avatar
 
Join Date: Aug 2013
Posts: 222
Default

Anti-virus software is snake-oil independently of the operating system it is used with.
__________________
Hi. I'm new here.
Cthulhux is offline   Reply With Quote
Old 11. Jun 2014, 07:54 PM   #4 (permalink)
J_L
Co-Author, Best Free Security List
 
J_L's Avatar
 
Join Date: Dec 2008
Posts: 1,969
Default

Quote:
Originally Posted by Cthulhux
"Anti-virus software is snake-oil independently of the operating system it is used with."

I'd like for you to enlighten us with the alternatives of detecting malicious files if you may.
J_L is online now   Reply With Quote
Old 11. Jun 2014, 07:55 PM   #5 (permalink)
Editor [Android]
 
Cthulhux's Avatar
 
Join Date: Aug 2013
Posts: 222
Default

There's no way to safely detect them. Live with that.
__________________
Hi. I'm new here.
Cthulhux is offline   Reply With Quote
Old 12. Jun 2014, 03:35 PM   #6 (permalink)
J_L
Co-Author, Best Free Security List
 
J_L's Avatar
 
Join Date: Dec 2008
Posts: 1,969
Default

I'll take 99% VirusTotal over 50% "live with that" any day thank you very much. Guess I'll do the enlightening instead: http://www.techsupportalert.com/cont...-malicious.htm
J_L is online now   Reply With Quote
Old 12. Jun 2014, 03:40 PM   #7 (permalink)
Editor [Android]
 
Cthulhux's Avatar
 
Join Date: Aug 2013
Posts: 222
Default

"VirusAlmostTotalAtLeastThoseWhichHaveBeenAroundForYears" then?
__________________
Hi. I'm new here.
Cthulhux is offline   Reply With Quote
Old 13. Jun 2014, 07:40 AM   #8 (permalink)
J_L
Co-Author, Best Free Security List
 
J_L's Avatar
 
Join Date: Dec 2008
Posts: 1,969
Default

So basically you want to bash antiviruses so much that leaving users in the dark is a better solution?
J_L is online now   Reply With Quote
Old 13. Jun 2014, 11:28 AM   #9 (permalink)
Editor [Android]
 
Cthulhux's Avatar
 
Join Date: Aug 2013
Posts: 222
Default

No security is less dangerous than imaginary security.
__________________
Hi. I'm new here.
Cthulhux is offline   Reply With Quote
Old 13. Jun 2014, 09:24 PM   #10 (permalink)
J_L
Co-Author, Best Free Security List
 
J_L's Avatar
 
Join Date: Dec 2008
Posts: 1,969
Default

It's crystal clear who is imagining things, so I'll leave it at that.
J_L is online now   Reply With Quote

All times are GMT +1. The time now is 01:21 AM.

